Website Security 101 – Part 2
Hello again, and welcome to Part 2 of Website Security 101. In case you missed it, see Website Security 101 – Part 1.
Locking Down WordPress
It’s not uncommon for hackers to try to break into your WordPress site by guessing your admin password. These hackers use a technique called Brute Force and have tools at their disposal that will repeatedly attempt to gain access automatically.
By default, WordPress allows users to attempt different passwords as many times as they want. Thankfully, there is a simple way to prevent this by installing and activating a plugin called Login Lockdown. This free plugin will give you the power to limit the number of login attempts for your users.
Once installed and activated, navigate to Settings >> Login Lockdown to access the plugin's config page.
- Set the Max Login Retries to 3
- Retry Time Period Restriction to 5 minutes
- Lockout Length to 60 minutes
- Click Update Settings located at the bottom of the page
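How the three settings above interact, as an added example that is not the Login Lockdown plugin's code: a simplified Python model that assumes failures are counted per source IP and that the third failure inside the window triggers the lockout. The IP addresses and login events are constructed.

```python
from collections import defaultdict, deque

MAX_RETRIES = 3            # "Max Login Retries"
RETRY_WINDOW = 5 * 60      # "Retry Time Period Restriction", in seconds
LOCKOUT_LENGTH = 60 * 60   # "Lockout Length", in seconds


class LoginLimiter:
    """Simplified model (assumed behaviour): failures are counted per source IP."""

    def __init__(self):
        self.failures = defaultdict(deque)  # IP -> timestamps of recent failures
        self.locked_until = {}              # IP -> time the lockout ends

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one attempt at time `now` (seconds)."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"                 # refused before the password is checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - RETRY_WINDOW:
            recent.popleft()                # drop failures older than the window
        if len(recent) >= MAX_RETRIES:
            self.locked_until[ip] = now + LOCKOUT_LENGTH
            recent.clear()
        return "failed"


def replay(events):
    """Run (time, ip, password_ok) events through one limiter, in order."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]


def guesses_tested_per_day(interval=10):
    """Count the wrong guesses from one IP that are actually checked in 24 hours."""
    events = [(t, "203.0.113.7", False) for t in range(0, 86400, interval)]
    return replay(events).count("failed")


# Constructed sample events: (seconds, source IP, password correct?)
A, B = "203.0.113.7", "198.51.100.4"
SAMPLE = [(0, A, False), (0, B, False), (20, A, False), (40, A, False), (60, A, True),
          (400, B, False), (500, B, False), (520, B, True), (3700, A, True)]

if __name__ == "__main__":
    print(replay(SAMPLE), guesses_tested_per_day())
```

In this model, an address that retries every 10 seconds has only 72 of its 8,640 daily attempts checked against the password. Address B is never locked out because its first failure falls outside the 5-minute window before the third one arrives.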
Recovering Your Website After Being Hacked
If your website has been hacked, then the fastest way to restore it is to simply delete it from your hosting server and restore your most recent backup. Stay calm: we talked you through how to perform backups in Part 1 of our Website Security 101 blog post. In less severe cases you may be able to simply select each page and post and revert to a previous revision.
Steps To Take
- If you need to, contact your web designer and focus on restoring your website to its former glory. Restore backups, check for updates to WordPress, plugins and themes.
- Change your passwords. Ensure you update the passwords used to log into WP Admin for all of your site's users. There are plugins available to enforce password changes globally.
- Report the hack to your website hosting provider. You may not have been the only victim and there may be steps the host needs to take depending on how the hack occurred.
- Ensure your local computers are free from viruses and malware. Again, unless you can confirm how the hack occurred, you need to scan the entire environment.
7 Security Focused Plugins
Here are 7 Security focused plugins specifically for WordPress.
- BulletProof Security
- Sucuri Security
- iThemes Security
- Acunetix WP SecurityScan
- All In One WP Security & Firewall
- 6Scan Security
Summary of Website Security 101 – Part 2
In this second instalment, we looked at quick, easy ways to lock down a WordPress website. We set a limit on the number of login attempts, discussed what steps to take to recover your website after being hacked and listed 7 Security Focused WordPress Plugins.